The Schneider Electric C-Gate running on the remote host is affected by multiple vulnerabilities:

- A path traversal vulnerability exists within the processing of commands sent to the C-Gate server. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An authenticated, remote attacker can leverage this vulnerability to execute code in the context of SYSTEM. (CVE-2021-22717)
- A path traversal vulnerability exists within the processing of commands sent to the C-Gate server. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An authenticated, remote attacker can leverage this vulnerability to execute code in the context of SYSTEM. (CVE-2021-22719)
- A path traversal vulnerability exists within the processing of commands sent to the C-Gate server. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An authenticated, remote attacker can leverage this vulnerability to disclose information in the context of SYSTEM. (CVE-2021-22720)
Note that Nessus has not tested for the issue but has instead relied only on the application’s self-reported version number.
Binary data schneider_electric_cgate_icsa-21-105-01.nbin
Vendor | Product | Version | CPE |
---|---|---|---|
schneider-electric | c-gate | | x-cpe:/a:schneider-electric:c-gate |